CN106650425A - Method and device for controlling security sandbox - Google Patents

Method and device for controlling security sandbox

Info

Publication number: CN106650425A
Authority: CN (China)
Prior art keywords: control; control device; virtual machine; operation system; assigned operation
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN201611111596.8A
Other languages: Chinese (zh)
Other versions: CN106650425B (en)
Inventors: 姜楠, 马铮
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Legal events: application filed by China United Network Communications Group Co Ltd; priority to CN201611111596.8A; publication of CN106650425A; application granted; publication of CN106650425B; status active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

An embodiment of the invention provides a method and a device for controlling a security sandbox, relates to the field of network security, and can enhance the analysis efficiency of the security sandbox. The method comprises the following steps: a control device of the security sandbox acquires control information that includes a first control command and configuration parameters, where the first control command orders the security sandbox to generate a first virtual machine with a designated operating system and the configuration parameters are used to modify the system parameters of the operating system; the control device generates the first virtual machine with the designated operating system according to the first control command; and the control device modifies the system parameters of the designated operating system according to the configuration parameters, so that the designated operating system with modified parameters forms a simulated operating environment, which is used to run the program to be monitored.

Description

Method and device for controlling a security sandbox
Technical field
The present invention relates to the field of network security, and in particular to a method and device for controlling a security sandbox.
Background art
A security sandbox is an analysis tool that analyzes the behavior of an unknown program. It can effectively determine whether the unknown program poses a threat to the user's host or operating system and, when a threat is found, analyze the security vulnerability that the unknown program exploits, its attack pattern, its threat level and so on. This helps the user judge whether the unknown program should be blocked and helps the user find a solution for dealing with it.
A traditional security sandbox usually provides the running environment for unknown programs based on the typical configuration of one specific operating system. For example, the typical configuration of the Windows operating system is its default system parameter configuration immediately after installation, including the built-in Windows firewall configuration, the protocols allowed, the open ports and so on. But as the user uses the operating system and installs various application software on the host, the system parameters of the host change with the user's operations. For example, the Windows operating system closes the TELNET port by default, and the installation of some application software causes the TELNET port of the host to be opened. Suppose a program uses the TELNET port to control other network devices. Because the running environment in a traditional security sandbox is set up from the typical configuration of the Windows operating system, the traditional security sandbox cannot discover the operations that the program performs through the TELNET port, so the user cannot determine that the program is a threat. The analysis efficiency of a traditional security sandbox is therefore low.
Summary of the invention
Embodiments of the present invention provide a method and device for controlling a security sandbox that can improve the analysis efficiency of the security sandbox.
To achieve this purpose, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides a method for controlling a security sandbox, the method including:
A control device of the security sandbox obtains control information. The control information includes a first control instruction and configuration parameters; the first control instruction instructs the security sandbox to generate a first virtual machine with a designated operating system, and the configuration parameters are used to modify the system parameters of the operating system;
The control device generates the first virtual machine with the designated operating system according to the first control instruction;
The control device modifies the system parameters of the designated operating system according to the configuration parameters, so that the designated operating system with modified parameters forms a simulated running environment, the simulated running environment being used to run a program to be monitored.
In a first possible implementation of the first aspect, the number of first virtual machines is M, each of the M first virtual machines has one designated operating system, M > 1, and M is an integer.
The control device modifying the system parameters of the designated operating system according to the configuration parameters includes:
The control device modifies the system parameters of each of the M designated operating systems according to the configuration parameters;
The control information further includes a second control instruction, which is used to control the control device to connect the M first virtual machines. After the control device modifies the system parameters of each of the M designated operating systems according to the configuration parameters, the method further includes:
The control device connects the M first virtual machines according to the second control instruction, so that the simulated running environment includes the M designated operating systems with modified parameters.
With reference to the first possible implementation of the first aspect, in a second possible implementation, the control information further includes a third control instruction, which is used to control the control device to generate background traffic. After the control device connects the M first virtual machines according to the second control instruction, the method further includes:
The control device controls the M first virtual machines to generate the background traffic according to the third control instruction, so that the simulated running environment contains the background traffic.
With reference to the first aspect, in a third possible implementation of the first aspect, the control information further includes a fourth control instruction, which instructs the control device to connect at least one second virtual machine into the simulated running environment. Each of the at least one second virtual machine provides one network function. After the control device modifies the system parameters of the designated operating system according to the configuration parameters, the method further includes:
The control device connects the at least one second virtual machine into the simulated running environment according to the fourth control instruction, so that the simulated running environment includes the designated operating system with modified parameters and the at least one network function.
With reference to the first aspect, or to any one of the first to third possible implementations of the first aspect, in the third possible implementation, after the control device forms the simulated running environment, the method further includes:
The control device receives the program to be monitored;
The control device controls the program to run in the simulated running environment;
The control device records and analyzes the behavior produced when the program runs in the simulated running environment, to obtain a behavior monitoring report for the program;
The control device displays the behavior monitoring report.
In a second aspect, an embodiment of the present invention provides a control device for a security sandbox, including:
An acquiring unit, configured to obtain control information. The control information includes a first control instruction and configuration parameters; the first control instruction instructs the security sandbox to generate a first virtual machine with a designated operating system, and the configuration parameters are used to modify the system parameters of the operating system;
A configuration unit, configured to generate the first virtual machine with the designated operating system according to the first control instruction obtained by the acquiring unit;
The configuration unit is further configured to modify the system parameters of the designated operating system according to the configuration parameters obtained by the acquiring unit, so that the designated operating system with modified parameters forms a simulated running environment, the simulated running environment being used to run a program to be monitored.
In a first possible implementation of the second aspect, the number of first virtual machines generated by the configuration unit is M, each of the M first virtual machines has one designated operating system, M > 1, and M is an integer.
The configuration unit is specifically configured to modify the system parameters of each of the M designated operating systems according to the configuration parameters;
The control information obtained by the acquiring unit further includes a second control instruction, which is used to control the configuration unit to connect the M first virtual machines.
The configuration unit is further configured to connect the M first virtual machines according to the second control instruction after modifying the system parameters of each of the M designated operating systems according to the configuration parameters, so that the simulated running environment includes the M designated operating systems with modified parameters.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the control information obtained by the acquiring unit further includes a third control instruction, which is used to control the configuration unit to generate background traffic.
The configuration unit is further configured to control the M first virtual machines to generate the background traffic according to the third control instruction after connecting the M first virtual machines according to the second control instruction, so that the simulated running environment contains the background traffic.
With reference to the second aspect, in a third possible implementation of the second aspect, the control information obtained by the acquiring unit further includes a fourth control instruction, which instructs that at least one second virtual machine be connected into the simulated running environment. Each of the at least one second virtual machine provides one network function.
The configuration unit is further configured to connect the at least one second virtual machine into the simulated running environment according to the fourth control instruction after modifying the system parameters of the designated operating system according to the configuration parameters, so that the simulated running environment includes the designated operating system with modified parameters and the at least one network function.
With reference to the second aspect, or to any one of the first to third possible implementations of the second aspect, in the third possible implementation, the control device further includes a control unit, an analysis unit and a display unit.
The acquiring unit is further configured to receive the program to be monitored after the configuration unit forms the simulated running environment;
The control unit is configured to control the program obtained by the acquiring unit to run in the simulated running environment;
The analysis unit is configured to record and analyze the behavior produced when the program runs in the simulated running environment, to obtain a behavior monitoring report for the program;
The display unit is configured to display the behavior monitoring report obtained by the analysis unit.
In a third aspect, an embodiment of the present invention provides a control device for a security sandbox, including a processor, a memory, a system bus and a communication interface.
The memory is used to store computer-executable instructions, and the processor is connected to the memory through the system bus. When the control device runs, the processor executes the computer-executable instructions stored in the memory, so that the control device performs the method for controlling a security sandbox described in the first aspect or in any optional implementation of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium including computer-executable instructions. When the processor of the control device of the security sandbox executes the computer-executable instructions, the control device performs the method for controlling a security sandbox described in the first aspect or in any implementation of the first aspect.
With the method and device for controlling a security sandbox provided by the embodiments of the present invention, the security sandbox can be controlled through control information, so that the control device of the security sandbox generates a first virtual machine with a designated operating system according to the control information and modifies the system parameters of the designated operating system to form a simulated running environment. Using the control method provided by the embodiments, the control information can make the security sandbox form, as the simulated running environment, a designated operating system whose system parameters are the same as those of the operating system running on an actual host. Compared with the fixed running environment in an existing security sandbox, the simulated running environment that the security sandbox forms under the control of the control information is therefore more similar to the current running environment of the operating system running on the actual host. After the program to be monitored is imported into the simulated running environment, its behavior there reflects more truthfully how it would behave in the current running environment, so it can be judged more accurately whether the program would produce harmful behavior against the operating system running on the actual host, which improves the analysis efficiency of the security sandbox.
Brief description of the drawings
Fig. 1 is a functional block diagram of a security sandbox system provided by an embodiment of the present invention;
Fig. 2 is a block diagram of a physical system based on a software defined network (Software Defined Network, SDN) provided by an embodiment of the present invention;
Fig. 3 is flowchart one of a method for controlling a security sandbox provided by an embodiment of the present invention;
Fig. 4 is flowchart two of a method for controlling a security sandbox provided by an embodiment of the present invention;
Fig. 5 is flowchart three of a method for controlling a security sandbox provided by an embodiment of the present invention;
Fig. 6 is flowchart four of a method for controlling a security sandbox provided by an embodiment of the present invention;
Fig. 7 is flowchart five of a method for controlling a security sandbox provided by an embodiment of the present invention;
Fig. 8 is structural diagram one of a control device for a security sandbox provided by an embodiment of the present invention;
Fig. 9 is structural diagram two of a control device for a security sandbox provided by an embodiment of the present invention;
Fig. 10 is a hardware structure diagram of a control device for a security sandbox provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them.
It should be noted that the term "and/or" herein only describes an association between associated objects and indicates that three relationships may exist. For example, "A and/or B" can mean: A exists alone, A and B both exist, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Where the embodiments of the present invention use the terms "include" and "have" and any variations of them, they are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
Fig. 1 shows a functional block diagram of a security sandbox system provided by an embodiment of the present invention. The system includes a user interface, a network function virtualization (NFV) management and orchestrator, a controller, and a virtualization function database.
The user interface provides the human-computer interaction function and can present the corresponding service interfaces to the user, including but not limited to one or more of operating system selection, network architecture design, suspicious program import, analysis function selection, analysis result export, and system status monitoring. The user can input the relevant control information through the user interface according to actual needs, to control the security sandbox to form the corresponding simulated running environment.
The NFV management and orchestrator is responsible for forming the simulated running environment according to the control information input by the user, including but not limited to generating virtual machines, allocating virtual machine locations, allocating virtual machine resources, configuring virtual machine parameters, configuring the interfaces between virtual machines, shutting down virtual machines, and collecting, aggregating and analyzing log information. The log information records the behavior produced when the program runs on each virtual machine.
The controller may be an SDN controller. It is responsible for traffic generation, traffic scheduling, building communication links, issuing control instructions, uploading analysis results, and so on.
The user interface, the NFV management and orchestrator, and the controller together constitute the control device of the security sandbox.
The virtualization function database is responsible for providing the information of each type of operating system, so that the NFV management and orchestrator can generate a first virtual machine running the corresponding operating system by calling the information of that operating system. This may include, but is not limited to, the information of operating systems such as Windows, Linux, Android, iOS, Unix and Netware. The virtualization function database is also responsible for providing second virtual machines that have various network functions, for example second virtual machines with network functions such as a virtual router, a virtual switch, distributed denial of service (Distributed Denial of Service, DDoS) protection, a firewall, an intrusion detection system (Intrusion Detection Systems, IDS)/intrusion prevention system (Intrusion Prevention System, IPS), and the removal of viruses, Trojans and worms.
Fig. 2 shows a physical system based on SDN provided by an embodiment of the present invention. It includes an open virtual switch (Open vSwitch) and general-purpose servers, and the security sandbox provided by the embodiments can be implemented on this system of physical components.
The open virtual switch serves as the data forwarding tool of the security sandbox. One of the multiple general-purpose servers implements the control functions of the security sandbox; that is, the NFV management and orchestrator, the controller, the user interface and the virtualization function database of the security sandbox can all be implemented on the same general-purpose server. The remaining general-purpose servers are used to deploy the virtual machines that the security sandbox generates according to the control information input by the user.
For example, the general-purpose servers may be x86 servers. It can be understood that when the number or performance of the general-purpose servers cannot meet the requirements of the security sandbox, more general-purpose servers can be connected directly to the virtual switch to become part of the security sandbox system.
Based on the security sandbox shown in Fig. 1, and as shown in Fig. 3, an embodiment of the present invention provides a method for controlling a security sandbox. The method can include:
S101: The control device of the security sandbox obtains control information, which includes a first control instruction and configuration parameters.
The first control instruction instructs the control device to generate a first virtual machine with a designated operating system. The designated operating system is the operating system running on an actual host (hereinafter, the actual operating system). The configuration parameters are used to modify the system parameters of the designated operating system, so that the parameters of the first virtual machine are the same as the current system parameters of the actual operating system.
In one example, the first control instruction can be a series of instructions that the user inputs through the user interface, for example an operating system selection instruction and a confirmation instruction. In this example, the user can, according to the operating system running on the actual host, click the icon of that operating system among the operating system icons presented in the user interface, and click the confirm icon after completing the selection. The control device can then determine the designated operating system from the selection instruction that the user input by clicking the operating system icon, and, on the confirmation instruction that the user input by clicking the confirm icon, start generating the first virtual machine with the designated operating system.
In one example, the first control instruction can also include an identifier of the designated operating system, so that the control device can determine the designated operating system from that identifier.
The configuration parameters are the same as the current system parameters of the actual operating system. The user sets them according to the current system parameters of the actual operating system and inputs them to the control device through the user interface, so that the control device can modify the system parameters of the designated operating system according to the configuration parameters and make them the same as the system parameters of the actual operating system.
S102: The control device generates the first virtual machine with the designated operating system according to the first control instruction.
In one example, the NFV orchestrator and the controller in the control device can, according to the first control instruction, call the information of the designated operating system from the virtualization function database and generate the first virtual machine with the designated operating system from that information.
S103: The control device modifies the system parameters of the designated operating system according to the configuration parameters, so that the designated operating system with modified parameters forms a simulated running environment, which is used to run the program to be monitored.
Take the Windows operating system as an example. The control device generates a first virtual machine with the Windows operating system according to the first control instruction. At this point the system parameters of the Windows operating system on the first virtual machine are the default system configuration parameters of Windows. Assume that in the default system configuration the TELNET port parameter indicates that the TELNET port is closed, whereas the current TELNET port parameter of the Windows operating system running on the actual host indicates that the TELNET port is open. The configuration parameter that the control device obtains is the current TELNET port parameter of the Windows operating system running on the actual host. According to this configuration parameter, the control device changes the TELNET port parameter of the Windows operating system in the first virtual machine to the current TELNET port parameter of the Windows operating system running on the actual host, so that the Windows operating system in the first virtual machine has the same program running environment as the Windows operating system running on the actual host.
In one example, the modification of the system parameters of the designated operating system can be performed by the NFV orchestrator and the controller in the control device.
In the embodiments of the present invention, the designated operating system with modified parameters is used as the simulated running environment, so that the simulated running environment is the same as the current running environment of the actual operating system. After the program to be monitored is input into the simulated running environment and run, its behavior there reflects more truthfully and reliably how it would behave in the current running environment. From that behavior it can be judged more accurately whether the program would produce harmful behavior against the current running environment, which improves the analysis efficiency.
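The following Python sketch walks through S101 to S104 for the TELNET case described above. It is an added example, not code from the patent or from any product; the parameter names, the default images, and the per-VM list of configuration parameters are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed "typical" (fresh-install) parameters per OS image. The keys and
# values are illustrative placeholders, not real product defaults.
DEFAULT_IMAGES = {
    "windows": {"telnet_port": "closed", "ssh_port": "closed", "firewall": "on"},
    "linux": {"telnet_port": "closed", "ssh_port": "open", "firewall": "on"},
}


@dataclass
class ControlInfo:
    designated_os: list          # first control instruction: one OS per first VM
    config_params: list          # per VM: parameters read from the actual host
    connect_vms: bool = False    # second control instruction


@dataclass
class FirstVM:
    name: str
    os_id: str
    params: dict
    drift: dict = field(default_factory=dict)  # param -> (default, actual host value)


def generate_vm(index, os_id):
    """S102: create a first VM whose OS still carries the default parameters."""
    if os_id not in DEFAULT_IMAGES:
        raise ValueError(f"no image for designated OS {os_id!r}")
    return FirstVM(f"vm{index}", os_id, dict(DEFAULT_IMAGES[os_id]))


def apply_config(vm, actual_params):
    """S103: overwrite system parameters with the actual host's, recording drift."""
    for key, value in actual_params.items():
        if key not in vm.params:
            raise KeyError(f"{vm.name}: unknown system parameter {key!r}")
        if vm.params[key] != value:
            vm.drift[key] = (vm.params[key], value)
            vm.params[key] = value
    return vm


def build_environment(info):
    """S101-S104: return (vms, links) for the simulated running environment."""
    if len(info.designated_os) != len(info.config_params):
        raise ValueError("need one configuration parameter set per first VM")
    vms = [apply_config(generate_vm(i, os_id), cfg)
           for i, (os_id, cfg) in enumerate(zip(info.designated_os, info.config_params))]
    links = []
    if info.connect_vms:
        if len(vms) < 2:
            raise ValueError("second control instruction requires M > 1")
        # Full mesh between the M first VMs (an assumed topology).
        links = [(a.name, b.name) for i, a in enumerate(vms) for b in vms[i + 1:]]
    return vms, links


def blind_spots(vms):
    """Ports open on the actual host but closed in the default image: behaviour
    on them would go unobserved in a sandbox left at the typical configuration."""
    return sorted((vm.name, key) for vm in vms
                  for key, (default, actual) in vm.drift.items()
                  if key.endswith("_port") and default == "closed" and actual == "open")


if __name__ == "__main__":
    info = ControlInfo(
        designated_os=["windows", "linux"],
        config_params=[{"telnet_port": "open"}, {"firewall": "off"}],
        connect_vms=True,
    )
    vms, links = build_environment(info)
    for vm in vms:
        print(vm.name, vm.os_id, vm.params, vm.drift)
    print("links:", links)
    print("blind spots of a default sandbox:", blind_spots(vms))
```

The `drift` record is what separates this environment from the fixed one in a traditional sandbox: every entry is a parameter on which the default image would have misrepresented the actual host.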
Optionally, the security sandbox provided by the embodiments of the present invention can also provide a simulated running environment that represents a networked environment. Specifically, in one example, the number of first virtual machines generated by the control device of the security sandbox is M, each of the M first virtual machines has one designated operating system, M > 1, and M is an integer. That is, in this example the first control instruction specifically instructs the control device to generate M first virtual machines with designated operating systems. With reference to Fig. 3, and as shown in Fig. 4, S103 can then specifically include:
S103a: The control device modifies the system parameters of each of the M designated operating systems according to the configuration parameters.
Further, as shown in Fig. 4, the control information that the control device obtains in S101 can also include a second control instruction, which is used to control the control device to connect the M first virtual machines. After S103a, the method can also include:
S104: The control device connects the M first virtual machines according to the second control instruction, so that the simulated running environment includes the M designated operating systems with modified parameters.
In this example, the control device generates M first virtual machines and, according to the configuration parameters, modifies the system parameters of the M designated operating systems to be the same as the system parameters of M actual operating systems. It can then connect the M first virtual machines according to the second control instruction to form the simulated running environment, which at this point includes the M designated operating systems with modified parameters. The M actual operating systems can be M operating systems running on the same actual host, or M operating systems running separately on M actual hosts.
In this way, when the security sandbox receives the program to be monitored and the control device controls the program to run in the simulated running environment, the control device can analyze, from the behavior produced while the program runs in the simulated environment, not only whether the program attacks a single operating system but also whether the network behavior it produces while running on the M first virtual machines is harmful.
Network behavior can include the way the program propagates among the M first virtual machines, for example harmful propagation methods (such as those of viruses or Trojans) in which the program uses a vulnerability of a host to obtain the trust or privileges of other devices in the network and copies itself to those devices in order to spread. For example, if the program propagates among the M first virtual machines in the manner of a virus or Trojan and the program is malicious, it can attack multiple first virtual machines in the simulated running environment. To illustrate: when the current running environment consists of operating systems running on multiple actual hosts, a program imported into the operating system running on one actual host may attack not only that operating system but also the operating systems running on the other actual hosts in the current running environment.
Network behavior can also include whether the program, while running in the designated operating system of one first virtual machine, attempts to log in to other first virtual machines in the simulated running environment through the SSH port, the TELNET port and so on in order to obtain administrator privileges. For example, if the program, while running in the designated operating system of one first virtual machine, attempts to send TELNET traffic to other first virtual machines through the TELNET port, this indicates that the program is attempting to use the TELNET port to control the other first virtual machines. To illustrate: if the program is imported into the operating system running on one actual host in the current running environment, it may use the TELNET port to control other actual hosts in the current running environment.
In embodiments of the present invention, control device can obtain packet at random in the data that the program is triggered, and The information such as agreement, port that the program is used are obtained from the packet for obtaining, is existed with the program by these information analyses Whether the network behavior produced when running in the dry run environment has harm.Compared to the only pin of security sandbox in prior art Running environment to single operation system, security sandbox can be formed under the control of control information and is directed in the embodiment of the present invention The dry run environment of M practical OS's, so as to the control device is after program to be imported the dry run environment, moreover it is possible to Enough network behaviors to the program are analyzed, and further increase the analysis efficiency of security sandbox.
Optionally, with reference to Fig. 4 and as shown in Fig. 5, the control information obtained by the control device in S101 above also includes a third control instruction, which is used to control the control device to generate background traffic. After S104 above, the control method of the security sandbox provided in the embodiment of the present invention may also include:
S105. The control device controls the M first virtual machines to generate background traffic according to the third control instruction, so that the background traffic is present in the dry run environment.
Background traffic refers to the traffic produced when users use the network normally in the current operating environment. Its traffic characteristics differ according to the purpose of the network system (i.e. the actual running environment), the industry it serves, and so on. For example, in a banking system, devices generally transmit encrypted data traffic over a virtual private network (VPN); in an operator's voice communication system, devices usually transmit audio data traffic; in a peer-to-peer (P2P) system, such as a cloud data center that provides P2P download services, data traffic using P2P transport protocols is usually transmitted. Some malicious programs may produce harmful network behavior based on the transmission of background traffic in the current operating environment.
In the embodiment of the present invention, the third control instruction can be used to control the security sandbox to form a dry run environment that has background traffic. For example, the third control instruction may include an identifier of a traffic characteristic, a traffic forwarding policy, an access control policy and so on. It instructs the control device of the security sandbox to control the M first virtual machines to generate the background traffic corresponding to the traffic characteristic identifier and to transmit that background traffic according to the specified traffic forwarding policy and access control policy, so that the dry run environment formed in the security sandbox carries the same background traffic as the current operating environment. Then, when the program to be monitored is subsequently imported into the dry run environment and run, the program's behavior while running there can be used to analyze whether the program produces harmful network behavior based on the transmission of the background traffic.
In one example, the generation of background traffic in the dry run environment may be performed by the controller of the security sandbox. The controller can send instructions to the M first virtual machines according to the third control instruction, controlling the M first virtual machines to generate the specified background traffic. According to the running state of the M first virtual machines, network conditions such as network bandwidth, and the traffic forwarding policy and access control policy indicated by the third control instruction, the controller then controls the M first virtual machines to forward the background traffic so that it is transmitted within the dry run environment. This further improves the similarity between the dry run environment and the current operating environment, and thus further improves the analysis efficiency of the security sandbox.
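The network-behavior analysis described above, as an added example that is not part of the patent text: given packets already sampled from the traffic the monitored program triggers, it reads protocol and port, skips flows that match the configured background traffic, and reports remote-login attempts over SSH/TELNET and fan-out to several first virtual machines. The VM names, the packet record layout, the port numbers 22/23, port 8080 and the fan-out threshold are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Remote-login services named in the description. The port numbers are the
# usual defaults and are an assumption; the patent names only the services.
MGMT_PORTS = {22: "SSH", 23: "TELNET"}


@dataclass(frozen=True)
class Packet:
    src: str           # first virtual machine that sent the packet
    dst: str           # first virtual machine that received it
    proto: str         # "tcp" or "udp"
    dport: int         # destination port
    syn: bool = False  # True for a TCP connection attempt


def analyze(packets, sample_vm, background, fanout_threshold=2):
    """Return findings for traffic that sample_vm originated.

    background is a set of (src, dst, proto, dport) tuples for the background
    traffic the environment was told to generate; matching packets are
    skipped so the baseline is not reported as program behavior.
    """
    login_targets = defaultdict(set)  # service name -> peers contacted
    peers_by_port = defaultdict(set)  # (proto, dport) -> peers contacted
    for p in packets:
        if p.src != sample_vm or p.dst == sample_vm:
            continue  # only traffic leaving the VM that runs the program
        if (p.src, p.dst, p.proto, p.dport) in background:
            continue
        if p.proto == "tcp" and not p.syn:
            continue  # count each TCP connection attempt, not its payload
        if p.proto == "tcp" and p.dport in MGMT_PORTS:
            login_targets[MGMT_PORTS[p.dport]].add(p.dst)
        else:
            peers_by_port[(p.proto, p.dport)].add(p.dst)

    findings = []
    for _, service in sorted(MGMT_PORTS.items()):
        if login_targets[service]:
            findings.append(("remote-login-attempt", service,
                             sorted(login_targets[service])))
    for (proto, dport), peers in sorted(peers_by_port.items()):
        if len(peers) >= fanout_threshold:
            findings.append(("fan-out", f"{proto}/{dport}", sorted(peers)))
    return findings


# Constructed sample: the program runs on vm1; vm2..vm4 are the other first
# virtual machines. The configured background traffic is tcp/443.
BACKGROUND = {("vm1", "vm2", "tcp", 443), ("vm3", "vm4", "tcp", 443)}
SAMPLE_PACKETS = [
    Packet("vm1", "vm2", "tcp", 443, syn=True),   # background, skipped
    Packet("vm3", "vm4", "tcp", 443, syn=True),   # not sent by vm1, skipped
    Packet("vm1", "vm2", "tcp", 23, syn=True),
    Packet("vm1", "vm3", "tcp", 23, syn=True),
    Packet("vm1", "vm3", "tcp", 23),              # payload of the same session
    Packet("vm1", "vm4", "tcp", 22, syn=True),
    Packet("vm1", "vm2", "tcp", 8080, syn=True),
    Packet("vm1", "vm3", "tcp", 8080, syn=True),
    Packet("vm1", "vm4", "tcp", 8080, syn=True),
    Packet("vm2", "vm1", "tcp", 23, syn=True),    # inbound to vm1, skipped
]

if __name__ == "__main__":
    for kind, detail, targets in analyze(SAMPLE_PACKETS, "vm1", BACKGROUND):
        print(f"{kind:22} {detail:9} -> {', '.join(targets)}")
```

Passing the background set is what keeps the configured baseline out of the report; with an empty set and `fanout_threshold=1`, the tcp/443 flow from vm1 is reported as well.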
Optionally, the security sandbox provided in the embodiment of the present invention can also connect at least one second virtual machine having a particular network function into the dry run environment formed by the method shown in any of Figs. 3-5, where each of the at least one second virtual machine is provided with one network function. For example, a second virtual machine may provide a network function such as a router, firewall, IDS/IPS, virus detection and removal, or Trojan detection and removal.
For example, with reference to Fig. 3 and as shown in Fig. 6, the control information obtained by the control device in S101 above may also include a fourth control instruction, which instructs the control device to connect at least one second virtual machine into the dry run environment. Accordingly, after S103 above, the control method of the security sandbox provided in the embodiment of the present invention may also include:
S106. The control device connects the at least one second virtual machine into the dry run environment according to the fourth control instruction, so that the dry run environment includes the assigned operating system with modified parameters and at least one network function.
For example, the fourth control instruction may include an identifier of the at least one second virtual machine and a connection instruction, and may be input by the user through the user interface. According to the identifier of the at least one second virtual machine, the control device retrieves the corresponding at least one second virtual machine from the virtualization database of the security sandbox and then, according to the connection instruction, connects it into the dry run environment, that is, connects the at least one second virtual machine with the first virtual machine with modified parameters to form the dry run environment.
Optionally, the fourth control instruction may also include the identifier of the at least one second virtual machine and a networking template selection instruction. In this example, the user can, according to the networking model of the current operating environment, click to select the corresponding networking template from the list of networking templates presented by the user interface, thereby inputting the networking template selection instruction. The control device can then determine the corresponding networking template according to the networking template selection instruction and, after determining the corresponding at least one second virtual machine according to its identifier, connect the at least one second virtual machine and the first virtual machine with modified parameters according to the networking template to form the dry run environment.
For example, the networking templates provided by the security sandbox may include: networking templates based on basic network topologies such as star, ring, bus and tree; networking templates based on application environments such as private-network access to the internet, home networks and data centers; and networking templates based on terminal types, such as an Android device access model and an iOS device access model.
In one example, the fourth control instruction may also include network configuration parameters, and the control device can modify the network parameters of the second virtual machine according to them, for example the IP address or MAC address of the second virtual machine. Different network configurations can also be modified for different types of second virtual machine: for a server, the server type can be modified; for a firewall, the protection rules, whitelist, blacklist and so on can be modified.
It is worth noting that in the embodiment of the present invention the fourth control instruction can be used to control the control device to add second virtual machines having network functions such as router, firewall, IDS/IPS, DDoS protection, virus detection and removal, Trojan detection and removal, and worm detection and removal to the dry run environment. Thus, when the program to be monitored is subsequently imported into the dry run environment and run, the program can be analyzed by the network functions with security protection capability in the dry run environment. The program's behavior in the dry run environment can also be used to analyze whether the program would affect network devices such as firewalls and routers in the current operating environment, for example by modifying the system configuration of a switch or router, logging in to a firewall's back end, or modifying a firewall's permissions. This further improves the analysis efficiency of the security sandbox.
In one example, the second virtual machines provided by the security sandbox may also include virtual machines corresponding to security protection products of different brands and from different vendors, that is, second virtual machines corresponding to security protection products such as firewalls, abnormal traffic monitoring and scrubbing devices, and IDS/IPS of different brands and from different vendors. When a user needs to test the performance of certain security protection products, the corresponding second virtual machine can be connected into the dry run environment and a malicious program then imported into the dry run environment, to check whether the second virtual machine can detect and intercept the malicious program.
For example, a user has purchased an intrusion prevention system (IPS) and wants to check whether it can protect against a specific intrusion method. The user can control the security sandbox to connect the second virtual machine corresponding to the intrusion prevention system into the dry run environment, and then import a program that uses the specific intrusion method into the dry run environment and run it. If the security sandbox fails to intercept the program, the control device of the security sandbox can, from the behavior the program produces while running in the second virtual machine, analyze how the program's intrusion behavior is implemented and what vulnerability exists in the intrusion prevention system. For example, if the IPS has no TELNET port protection function, a program that intrudes through the TELNET port will pass through the second virtual machine corresponding to the IPS. By analyzing the behavior of the program while it runs in the second virtual machine, the control device can then find that the program carries out its network intrusion through the TELNET port and that the IPS does not inspect the TELNET port, which allows the user to accurately determine the attack principle of the program and the countermeasures.
Further, in the embodiment of the present invention, after the security sandbox has successfully formed the dry run environment based on the control information, the program to be monitored can be imported into the security sandbox, so that the security sandbox can control the program to run in the dry run environment, record and analyze the behavior the program produces while running there to obtain a behavior monitoring report for the program, and present the behavior monitoring report to the user through the user interface. The report informs the user whether the program would harm the actual running environment, the type of harm, the way the harm is caused, its severity, and so on.
For example, with reference to Fig. 6 and as shown in Fig. 7, the control method of the security sandbox provided in the embodiment of the present invention may also include:
S107. The control device receives the program to be monitored.
For example, the user interface of the security sandbox provides a suspect program import interface, through which the user can import the program into the security sandbox.
S108. The control device controls the program to run in the dry run environment.
After the control device receives the program imported by the user, the control device can control the program to run in the dry run environment. For example, the controller of the control device can control the virtual machines in the dry run environment (including the first virtual machine and the second virtual machine described above) to generate the corresponding data traffic according to the instructions of the program, forward that data traffic, and so on.
S109. The control device records and analyzes the behavior the program produces while running in the dry run environment, to obtain the behavior monitoring report of the program.
For example, the security sandbox can enable the logging function through the log module, record in log information the behavior the program produces while running in each virtual machine, and synchronize the log information to the NFV layouts and controller, which collects and analyzes the behavior recorded in the log information to determine whether the program would harm the current operating environment and, if so, the type of harm, the way the harm is caused, its severity and so on. The behavior monitoring report of the program is then obtained from these analysis results.
The log module and the virtual machines in the dry run environment are deployed on different physical resources. For example, based on the physical system shown in Fig. 2, the log module can be deployed on a separate general-purpose server, or the log module can be deployed on the same general-purpose server as the control device (including the controller, the NFV layouts and controller, and the user interface) and the virtualization database. This avoids the situation in which a virtual machine in the dry run environment crashes under the program's attack and the control device cannot learn in time of the behavior the program produced while running in the virtual machine.
S110. The control device displays the behavior monitoring report.
It can be understood that after the NFV layouts and controller obtains and saves the behavior monitoring report, it can at the same time send the report to the user interface to be shown to the user. The user can also input a retrieval instruction through the user interface to request the behavior monitoring report from the NFV layouts and controller.
The security sandbox can be controlled by control information, so that the control device of the security sandbox can, according to the control information, generate a first virtual machine having an assigned operating system and modify the system parameters of the assigned operating system to form the dry run environment. That is, with the control method provided in the embodiment of the present invention, the control information can be used to control the security sandbox to form, as the dry run environment, an assigned operating system whose system parameters are identical to those of the operating system running on the actual host. Therefore, compared with the fixed running environment in an existing security sandbox, the dry run environment that the security sandbox in the embodiment of the present invention forms under the control of the control information is more similar to the current operating environment of the operating system running on the actual host. After the program to be monitored is imported into the dry run environment, the program's behavior while running there reflects more faithfully its behavior in the current operating environment, so it can be judged more accurately whether the program would produce harmful behavior against the operating system running on the actual host, which improves the analysis efficiency of the security sandbox.
As shown in Fig. 8, the embodiment of the present invention provides a control device of a security sandbox, which performs the steps of the control method of the security sandbox shown in any of Figs. 3-6. The control device of the security sandbox may be integrated in the security sandbox. For example, the control device of the security sandbox includes:
An acquiring unit 10, configured to obtain control information, where the control information includes a first control instruction and a configuration parameter, the first control instruction is used to instruct the dispensing unit 11 to generate a first virtual machine having an assigned operating system, and the configuration parameter is used to modify the system parameters of the operating system.
The dispensing unit 11, configured to generate, according to the first control instruction obtained by the acquiring unit 10, the first virtual machine having the assigned operating system.
The dispensing unit 11 is configured to modify the system parameters of the assigned operating system according to the configuration parameter obtained by the acquiring unit 10, so that the assigned operating system with modified parameters forms a dry run environment, where the dry run environment is used to run a program to be monitored.
Optionally, the number of first virtual machines generated by the dispensing unit 11 is M, each of the M first virtual machines has one assigned operating system, M > 1, and M is an integer.
The dispensing unit 11 is specifically configured to modify, according to the configuration parameter, the system parameters of each of the M assigned operating systems.
The control information obtained by the acquiring unit 10 also includes a second control instruction, which is used to control the dispensing unit 11 to connect the M first virtual machines.
The dispensing unit 11 is further configured to, after modifying the system parameters of each of the M assigned operating systems according to the configuration parameter, connect the M first virtual machines according to the second control instruction, so that the dry run environment includes the M assigned operating systems with modified parameters.
Optionally, the control information obtained by the acquiring unit 10 also includes a third control instruction, which is used to control the dispensing unit 11 to generate background traffic.
The dispensing unit 11 is further configured to, after connecting the M first virtual machines according to the second control instruction, control the M first virtual machines to generate the background traffic according to the third control instruction and to forward the background traffic, so that the background traffic is present in the dry run environment.
Optionally, the control information obtained by the acquiring unit 10 also includes a fourth control instruction, which is used to instruct that at least one second virtual machine be connected into the dry run environment, where each of the at least one second virtual machine is provided with one network function.
The dispensing unit 11 is further configured to, after modifying the system parameters of the assigned operating system according to the configuration parameter, connect the at least one second virtual machine into the dry run environment according to the fourth control instruction, so that the dry run environment includes the assigned operating system with modified parameters and at least one network function.
Optionally, with reference to Fig. 8 and as shown in Fig. 9, the control device also includes a control unit 12, an analytic unit 13 and a display unit 14.
The acquiring unit 10 is further configured to receive the program to be monitored after the dispensing unit 11 forms the dry run environment.
The control unit 12 is configured to control the program obtained by the acquiring unit 10 to run in the dry run environment.
The analytic unit 13 is configured to record and analyze the behavior the program produces while running in the dry run environment, to obtain the behavior monitoring report of the program.
The display unit 14 is configured to display the behavior monitoring report obtained by the analytic unit 13.
With the control device of a security sandbox provided in the embodiment of the present invention, the security sandbox can be controlled by control information, so that the control device of the security sandbox can, according to the control information, generate a first virtual machine having an assigned operating system and modify the system parameters of the assigned operating system to form the dry run environment. That is, with the control method provided in the embodiment of the present invention, the control information can be used to control the security sandbox to form, as the dry run environment, an assigned operating system whose system parameters are identical to those of the operating system running on the actual host. Therefore, compared with the fixed running environment in an existing security sandbox, the dry run environment that the security sandbox in the embodiment of the present invention forms under the control of the control information is more similar to the current operating environment of the operating system running on the actual host. After the program to be monitored is imported into the dry run environment, the program's behavior while running there reflects more faithfully its behavior in the current operating environment, so it can be judged more accurately whether the program would produce harmful behavior against the operating system running on the actual host, which improves the analysis efficiency of the security sandbox.
As shown in Fig. 10, the embodiment of the present invention provides a control device of a security sandbox, including a processor 20, a memory 21, a system bus 22 and a communication interface 23.
The memory 21 is used to store computer-executable instructions, and the processor 20 is connected to the memory 21 through the system bus 22. When the control device of the security sandbox runs, the processor 20 executes the computer-executable instructions stored in the memory 21, so that the control device of the security sandbox performs the control method of the security sandbox shown in any one of Figs. 3 to 7. For the specific control method of the security sandbox, refer to the related description in the embodiments shown in any one of Figs. 3 to 7 above; it is not repeated here.
This embodiment also provides a storage medium, which may include the memory 21.
The processor 20 may be a central processing unit (CPU). The processor 20 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The processor 20 may be a dedicated processor, which may include a chip having other dedicated processing functions of the control device of the security sandbox.
The memory 21 may include volatile memory, such as random-access memory (RAM). The memory 21 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD). The memory 21 may also include a combination of the above kinds of memory.
The system bus 22 may include a data bus, a power bus, a control bus, a signal status bus and so on. For clarity of description in this embodiment, the various buses are all illustrated as the system bus 22 in Fig. 10.
The communication interface 23 may specifically be the interface on the control device of the security sandbox through which the processor 20 communicates with other devices.
In a specific implementation, each step in the method flow shown in any one of Figs. 3 to 7 above can be implemented by the processor 20, in hardware form, executing the computer-executable instructions in software form stored in the memory 21. To avoid repetition, the details are not repeated here.
With the control device of a security sandbox provided in the embodiment of the present invention, the security sandbox can be controlled by control information, so that the control device of the security sandbox can, according to the control information, generate a first virtual machine having an assigned operating system and modify the system parameters of the assigned operating system to form the dry run environment. That is, with the control method provided in the embodiment of the present invention, the control information can be used to control the security sandbox to form, as the dry run environment, an assigned operating system whose system parameters are identical to those of the operating system running on the actual host. Therefore, compared with the fixed running environment in an existing security sandbox, the dry run environment that the security sandbox in the embodiment of the present invention forms under the control of the control information is more similar to the current operating environment of the operating system running on the actual host. After the program to be monitored is imported into the dry run environment, the program's behavior while running there reflects more faithfully its behavior in the current operating environment, so it can be judged more accurately whether the program would produce harmful behavior against the operating system running on the actual host, which improves the analysis efficiency of the security sandbox.
Those skilled in the art can clearly understand that, for convenience and brevity of description, only the division into the functional modules above is used as an example. In practical applications, the functions above can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device and units described above, refer to the corresponding processes in the foregoing method embodiments; they are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method can be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit can be implemented in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, all or part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium is a non-transitory medium, including flash memory, a removable hard disk, read-only memory, random-access memory, a magnetic disk, an optical disc and other media that can store program code.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the scope of the claims.

Claims (10)

1. A control method for a security sandbox, characterized in that the method comprises:
The control device of the security sandbox obtains control information, the control information comprising a first control instruction and configuration parameters, wherein the first control instruction instructs the security sandbox to generate a first virtual machine having a specified operating system, and the configuration parameters are used to modify system parameters of the operating system;
The control device generates the first virtual machine having the specified operating system according to the first control instruction;
The control device modifies the system parameters of the specified operating system according to the configuration parameters, so that the specified operating system with modified parameters forms a simulated running environment, the simulated running environment being used to run a program to be monitored.
2. The method according to claim 1, characterized in that the number of first virtual machines is M, each of the M first virtual machines has one specified operating system, M > 1, and M is an integer,
The control device modifying the system parameters of the specified operating system according to the configuration parameters comprises:
The control device modifies, according to the configuration parameters, the system parameters of each of the M specified operating systems;
The control information further comprises a second control instruction, the second control instruction being used to control the control device to connect the M first virtual machines, and after the control device modifies the system parameters of each of the M specified operating systems according to the configuration parameters, the method further comprises:
The control device connects the M first virtual machines according to the second control instruction, so that the simulated running environment includes the M specified operating systems with modified parameters.
3. The method according to claim 2, characterized in that the control information further comprises a third control instruction, the third control instruction being used to control the control device to generate background traffic, and after the control device connects the M first virtual machines according to the second control instruction, the method further comprises:
The control device controls the M first virtual machines to generate the background traffic according to the third control instruction, so that the background traffic is present in the simulated running environment.
4. The method according to claim 1, characterized in that the control information further comprises a fourth control instruction, the fourth control instruction instructing the control device to connect at least one second virtual machine into the simulated running environment, each of the at least one second virtual machine being provided with one network function, and after the control device modifies the system parameters of the specified operating system according to the configuration parameters, the method further comprises:
The control device connects the at least one second virtual machine into the simulated running environment according to the fourth control instruction, so that the simulated running environment includes the specified operating system with modified parameters and at least one network function.
5. The method according to any one of claims 1-4, characterized in that after the control device forms the simulated running environment, the method further comprises:
The control device receives the program to be monitored;
The control device controls the program to run in the simulated running environment;
The control device records and analyzes the behavior produced when the program runs in the simulated running environment, to obtain a behavior monitoring report for the program;
The control device displays the behavior monitoring report.
6. A control device for a security sandbox, characterized in that it comprises:
An acquiring unit, configured to obtain control information, the control information comprising a first control instruction and configuration parameters, wherein the first control instruction instructs a configuration unit to generate a first virtual machine having a specified operating system, and the configuration parameters are used to modify system parameters of the operating system;
The configuration unit, configured to generate the first virtual machine having the specified operating system according to the first control instruction obtained by the acquiring unit;
The configuration unit, configured to modify the system parameters of the specified operating system according to the configuration parameters obtained by the acquiring unit, so that the specified operating system with modified parameters forms a simulated running environment, the simulated running environment being used to run a program to be monitored.
7. The control device according to claim 6, characterized in that the number of first virtual machines generated by the configuration unit is M, each of the M first virtual machines has one specified operating system, M > 1, and M is an integer,
The configuration unit is specifically configured to modify, according to the configuration parameters, the system parameters of each of the M specified operating systems;
The control information obtained by the acquiring unit further comprises a second control instruction, the second control instruction being used to control the configuration unit to connect the M first virtual machines,
The configuration unit is further configured to, after modifying the system parameters of each of the M specified operating systems according to the configuration parameters, connect the M first virtual machines according to the second control instruction, so that the simulated running environment includes the M specified operating systems with modified parameters.
8. The control device according to claim 7, characterized in that the control information obtained by the acquiring unit further comprises a third control instruction, the third control instruction being used to control the configuration unit to generate background traffic,
The configuration unit is further configured to, after connecting the M first virtual machines according to the second control instruction, control the M first virtual machines to generate the background traffic according to the third control instruction, so that the background traffic is present in the simulated running environment.
9. The control device according to claim 6, characterized in that the control information obtained by the acquiring unit further comprises a fourth control instruction, the fourth control instruction instructing that at least one second virtual machine be connected into the simulated running environment, each of the at least one second virtual machine being provided with one network function,
The configuration unit is further configured to, after modifying the system parameters of the specified operating system according to the configuration parameters, connect the at least one second virtual machine into the simulated running environment according to the fourth control instruction, so that the simulated running environment includes the specified operating system with modified parameters and at least one network function.
10. The control device according to any one of claims 6-9, characterized in that the control device further comprises a control unit, an analysis unit and a display unit,
The acquiring unit is further configured to receive the program to be monitored after the configuration unit forms the simulated running environment;
The control unit is configured to control the program obtained by the acquiring unit to run in the simulated running environment;
The analysis unit is configured to record and analyze the behavior produced when the program runs in the simulated running environment, to obtain a behavior monitoring report for the program;
The display unit is configured to display the behavior monitoring report obtained by the analysis unit.
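
The ordering and dependencies that claims 1-5 place on the control instructions, modelled as a small planner. This is an added example, not code from the patent; the class, field and step names are hypothetical, and the operating system names and parameter values are constructed placeholders.

```python
from dataclasses import dataclass, field

@dataclass
class ControlInfo:
    """Control information as the claims describe it; field names are hypothetical."""
    os_images: list                    # first control instruction: one specified OS per first VM
    config_params: dict                # configuration parameters for the system parameters
    connect_vms: bool = False          # second control instruction (claim 2)
    background_traffic: bool = False   # third control instruction (claim 3)
    network_functions: list = field(default_factory=list)  # fourth control instruction (claim 4)

def build_plan(info):
    """Return the ordered steps for the control device, or raise ValueError."""
    m = len(info.os_images)
    if m == 0:
        raise ValueError("first control instruction names no operating system")
    if info.connect_vms and m < 2:
        raise ValueError("claim 2 connects M first virtual machines with M > 1")
    if info.background_traffic and not info.connect_vms:
        raise ValueError("claim 3 generates traffic only after the claim 2 connection")
    vms = [f"vm{i}" for i in range(m)]
    plan = [("create_vm", vm, os_name) for vm, os_name in zip(vms, info.os_images)]
    # Every specified operating system is modified before anything is connected.
    for vm in vms:
        for key in sorted(info.config_params):
            plan.append(("set_system_param", vm, key, info.config_params[key]))
    if info.connect_vms:
        plan.append(("connect_first_vms", tuple(vms)))
    if info.background_traffic:
        plan.append(("generate_background_traffic", tuple(vms)))
    # Claim 4 depends on claim 1 only, so it is valid with a single first VM.
    for j, function in enumerate(info.network_functions):
        plan.append(("attach_second_vm", f"nf{j}", function))
    plan.append(("environment_ready",))
    return plan

def analysis_steps(program):
    """Claim 5: the steps that follow once the environment exists."""
    return [("receive", program), ("run", program),
            ("record_and_analyse", program), ("show_report", program)]

if __name__ == "__main__":
    # Constructed sample input; OS names and parameter values are placeholders.
    sample = ControlInfo(["os-a", "os-b"], {"hostname": "ws-01", "timezone": "UTC"},
                         connect_vms=True, background_traffic=True,
                         network_functions=["dns"])
    for step in build_plan(sample) + analysis_steps("sample.bin"):
        print(step)
```

The planner rejects control information that asks for background traffic without the connection step, and accepts a single first virtual machine with attached network functions, which mirrors how claims 3 and 4 depend on claims 2 and 1 respectively.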

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611111596.8A CN106650425B (en) 2016-12-06 2016-12-06 A kind of control method and device of security sandbox

Publications (2)

Publication Number Publication Date
CN106650425A true CN106650425A (en) 2017-05-10
CN106650425B CN106650425B (en) 2019-08-09

Family

ID=58818445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611111596.8A Active CN106650425B (en) 2016-12-06 2016-12-06 A kind of control method and device of security sandbox

Country Status (1)

Country Link
CN (1) CN106650425B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102387044A (en) * 2011-06-27 2012-03-21 中国商用飞机有限责任公司 Method for testing communication network
CN102662727A (en) * 2012-04-05 2012-09-12 北京天地云箱科技有限公司 Virtual machine creating method and virtual machine creating device
CN103248535A (en) * 2013-04-28 2013-08-14 华为技术有限公司 Cloud system testing method and device
CN105306594A (en) * 2015-11-19 2016-02-03 国云科技股份有限公司 Method for managing virtual unit through multiple strategies

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108875362A (en) * 2017-12-28 2018-11-23 北京安天网络安全技术有限公司 A kind of sample behavior acquisition methods, device, storage medium and electronic equipment
CN108919774A (en) * 2018-06-01 2018-11-30 武汉康慧然信息技术咨询有限公司 Mixed electrical automobile safety traffic control method
CN108919774B (en) * 2018-06-01 2019-11-29 温岭市海奔光电科技股份有限公司 Mixed electrical automobile safety traffic control method
CN110515670A (en) * 2019-09-03 2019-11-29 深圳市路畅科技股份有限公司 A kind of operation method of embedded device, system and a kind of host computer
CN111541675A (en) * 2020-04-17 2020-08-14 国家计算机网络与信息安全管理中心山东分中心 Network security protection method, device and equipment based on white list
CN113778991A (en) * 2021-09-14 2021-12-10 珠海市新德汇信息技术有限公司 Method for realizing resource access control of big data
CN113778991B (en) * 2021-09-14 2024-07-05 珠海市新德汇信息技术有限公司 Method for realizing resource access control of big data
CN113949579A (en) * 2021-10-20 2022-01-18 安天科技集团股份有限公司 Website attack defense method and device, computer equipment and storage medium
CN113949579B (en) * 2021-10-20 2024-04-30 安天科技集团股份有限公司 Website attack defense method and device, computer equipment and storage medium
CN115733694A (en) * 2022-11-21 2023-03-03 赵杰 Security access control system based on meta universe

Also Published As

Publication number Publication date
CN106650425B (en) 2019-08-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant